RFR: 8229957: Harden pid verification in attach mechanism
Leonid Mesnik
leonid.mesnik at oracle.com
Tue Aug 20 23:32:51 UTC 2019
Hi
Could you review following fix which add sanity check of pid value in
attach mechanism on *nix based platforms.
PID for java process is always positive on affected OS. Hotspot
internally uses signal (SIGQUIT) while attaching. So using negative
numbers as pid might cause very unexpected results and should be prevented.
webrev: http://cr.openjdk.java.net/~lmesnik/8229957/webrev.00/
bug: https://bugs.openjdk.java.net/browse/JDK-8229957
I checked that jcmd doesn't allow to connect to negative pids.
Leonid
More information about the serviceability-dev
mailing list